I got these tips from an old message on this list, I hope this helps you as well.
# rule-based rewriting engine to rewrite requested URLs on the fly LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so # # Redirect allows you to tell clients about documents which used to exist in # your server's namespace, but do not anymore. This allows you to tell the # clients where to look for the relocated document. # Format: Redirect old-URI new-URL # # This is a tip from jont #openbsd.org RedirectMatch ^.*\.(ida|exe|dll).* http://support.microsoft.com/ ### Special section for stopping bad traffic and DDoS attack type, etc # This list are all global rewrite rules that can be turn on per virtual # server. RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{HTTP_USER_AGENT} ^$ RewriteCond %{REQUEST_URI} ^/$ # RewriteRule ^/.* http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)cmd.exe(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)root.exe(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)shell.exe(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/_vti_bin\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/_vti_cnf\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/_vti_inf\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/scripts\/\.\.(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/_mem_bin\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/msadc\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/MSADC\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/c\/winnt\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/d\/winnt\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/x80\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] RewriteRule (.*)\/x90\/(.*)$ http://support.microsoft.com/$1 [L,E=nolog:1] # Various attempts found in my logfiles, always eager to please: RewriteRule (.*)php(.*)$ http://www.php.net/$1 [L,E=nolog:1] RewriteRule (.*)awstats(.*)$ http://awstats.sourceforge.net/$1 [L,E=nolog:1] # Various attempts found in my logfiles, always eager to please: RewriteRule (.*)php(.*)$ http://www.php.net/$1 [L,E=nolog:1] RewriteRule (.*)awstats(.*)$ http://awstats.sourceforge.net/$1 [L,E=nolog:1] # Against phpbb exploit searchers RewriteRule (.*)forum(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] RewriteRule (.*)discussion(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] RewriteRule (.*)foros(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] # RewriteRule (.*)nar(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] RewriteRule (.*)portal(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] RewriteRule (.*)discussion(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] # Complex rules bb.gif is ok, anything else with bb is sent to phpbb RewriteRule (.*)bb(.*)$ - [C] RewriteRule !(.*)bb(.*)\.gif$ http://www.phpbb.com/$1 [L,E=nolog:1] RewriteRule (.*)board(.*)$ - [C] RewriteRule !(.*)board(.*).pl(.*)$ http://www.phpbb.com/$1 [L,E=nolog:1] SetEnvIf Referer 0 nolog=1 SetEnvIf Request_URI 0 nolog=1 RewriteEngine on # Han
